Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2011-09-19 CVE-2011-1740 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
low complexity
emc CWE-264
7.7
2011-08-23 CVE-2011-2735 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC AutoStart 5.3/5.4
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
7.9
2011-08-18 CVE-2011-2733 Improper Authentication vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
network
emc CWE-287
7.5
2011-08-01 CVE-2011-1744 Permissions, Privileges, and Access Controls vulnerability in EMC Captiva eInput
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
network
emc CWE-264
5.8
2011-08-01 CVE-2011-1743 Cross-Site Scripting vulnerability in EMC Captiva eInput
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2011-08-01 CVE-2011-1742 Credentials Management vulnerability in EMC Data Protection Advisor
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
local
low complexity
emc CWE-255
2.1
2011-07-19 CVE-2011-1741 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Documentum eRoom 7.4.1/7.4.2/7.4.3
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
network
low complexity
emc CWE-119
critical
10.0
2011-05-24 CVE-2011-1424 Configuration vulnerability in EMC SourceOne Email Management 6.5.2.3668
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
3.5
2011-05-05 CVE-2011-1423 Cross-Site Scripting vulnerability in EMC Data Loss Prevention Enterprise Manager 8.0/8.5
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2011-04-22 CVE-2011-1422 Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
emc CWE-79
4.3